The service PatientAware is suspended. Few others remain on the site written. There is no trace of the services offered by the portal, the same one that has been connecting patients and general practitioners in Lombardy since 2009. The story began on October 10thwhen a huge hacker attack started which blocked the platform. The site was left in “maintenance” for several hours. In the end, the Lombardy Region said: “There has been no evidence of theft or compromise of data.” It doesn’t seem to have happened exactly that way.
Second Cyberoocybersecurity company, a theft of health data in Lombardy there would have been. It would not be the first case of an attack of this kind in Lombardy. On the contrary. Even removing the small ransomware attacks that don’t make it to the news, just the December 23 the Milano Ristorazione canteen service had warned users and employees to be careful of incoming emails. The November 24 Milano Ristorazione had been hit by a hacker attack and now they fear that the data will be taken and used for new scams.
What the analysis says about health data
Let’s see the analysis. The November 25th Cyberoo publishes a report on its blog in which it talks about a “vast archive of health data of citizens of Northern Italy” for sale on a forum. The deal was proposed by a user known as wizgun. In the Cyberoo report we talk about approximately 350.000 record with personal data and 90,000 patients identified. Among these also 30,000 with email address e 4,300 with telephone number.
A message arrives from the CUP but it’s a scam: why you should never call back numbers with the 893 prefix
The cost? There is a price list. 25 euro for a profile linked to a medical prescription. 35 euro for a complete profile with all data including contacts, medical prescriptions and documents related to the disease. About 137.000 euro to be paid in bitcoin for everything.
Cyberoo does not directly connect the archive to PatientAware. However, he says that the seller explains in the ad that the data comes from a cyber attack described by Italian newspapers. Exactly the cyber attack on PazienteConsapevole. Cyberoo only defines the link as “Plausible”.
What is Cyberoo
The report is dated November 25th but it intervenes on December 23rd in Corriere della Sera Veronica Leonardiexecutive board manager of Cyberoo who adds some statements to the story. Now. It is quite common for Cybersecurity companies to release reports like this. However, it is a form of advertising.
According to the data reported on the site, Cyberoo is an Italian company, based in Reggio Emilia. The turnover is not small: in 2024 according to data from the Chamber of Commerce it reached 20.984.338 euro. In 2025 the last recorded data on the number of employees reached 65.
